Re: [gentoo-user] Hard drive storage questions

2015-05-09 Thread Rich Freeman
On Sat, May 9, 2015 at 10:46 AM, Todd Goodman  wrote:
>
> As for keys, you could use Amazon's AWS Key Management Service.
> Of course they could be sitting there gathering keys, but at some point
> you either have to trust they'll do what they say or simply decide not
> to use them at all (IMNHO.)

That is really intended more for credentials used for hosted systems
to communicate with other services/each other/etc.  If you have to
have your credentials in the cloud, then you might as well have a
somewhat secure way to manage them.  However, that is clearly inferior
to not putting credentials in the cloud in the first place.

>
> You could also use AWS Key Management for backup data you want
> "reasonably" secured and then your own keys for data you want more
> highly secured (hopefully much smaller so the verify costs are more
> reasonable.)
>

I just don't frequently verify my backups.  I'm willing to trust
Amazon to have my data when I ask for it.  That is their entire
business model with S3 and they're probably one of the stronger links
in the data security chain.  If I'm going to be paranoid about that,
I'm going to probably have other things I'd prefer to improve first.

I keep copies of my backup keys in a few places.  My threat model is
somebody hacking my account looking for personal data
(finances/keys/whatever).  If they hack into Amazon they won't have
the necessary keys.  If somebody manages to steal one of my keys in
safekeeping elsewhere, they won't have access to any of the data
encrypted using the key.  If the NSA or whoever is going to access my
Amazon data and also ask my bank to open my safe deposit box or
whatever, then more power to them.  I run a tor node, so they've
probably rooted my box anyway.


-- 
Rich



Re: [gentoo-user] syslog-ng: how to read the log files

2015-05-09 Thread Rich Freeman
On Sat, May 9, 2015 at 11:08 AM, lee  wrote:
> Rich Freeman  writes:
>>
>> Who is forcing anybody to use anything?
>
> Look around and you will find that systemd has taken over Linux, with a
> few exceptions as in distributions like Gentoo.  The taking over will
> probably continue until you cannot use Linux anymore without using
> systemd.  If that's not forcing, then what is it?

They're not forcing you to use Linux at all, let alone Linux with systemd.

Fedora v13 never contained systemd as far as I'm aware.  Today it
still works EXACTLY as it did then.  Nobody is preventing you from
using that.  The same is true for any other distro that has adopted
systemd.

Your complaint isn't that people are forcing you to use systemd.  Your
complaint is that somebody isn't building a linux distro to your
personal specifications free of charge.  With FOSS we all contribute
code that anybody can use for as long as they wish.  The fact that you
don't want to use the code that somebody wrote a few years ago and
would rather they write updated software (perhaps with security
vulnerabilities removed, features added, and so on) doesn't obligate
others to create it for you.

And that is my issue with this line of argument.  It assumes that you
have a right to demand that others create free software for you, and
that they do it to your specifications.

I get your frustration.  There have been FOSS projects that were
discontinued that I've thought were really valuable.  However, while I
mourn their indefinite slumber, I'm not going to complain that the
devs chose to move on.  I never paid them for what they gave me in the
first place, and I have no right to demand more.  The same is true of
whoever maintains your init scripts.  If you have a support contract
that requires somebody to backport fixes to whatever you're using for
10 years, and they're breaking that contract, then I can only agree
that you're in the right.  Short of that, you've gotten what you've
paid for.  I understand your frustration, but I don't think the use of
terms like "force" is justified.

-- 
Rich



Re: [gentoo-user] syslog-ng: how to read the log files

2015-05-09 Thread Peter Humphrey
On Saturday 09 May 2015 17:01:00 lee wrote:
> Tom H  writes:
> > The systemd developers' use of disable/mask isn't wrong simply because
> > you disagree with them.
> 
> No, it's wrong because they don't know what "disabled" means.  Feel free
> to look into dictionaries and to examine the use of the word "disabled"
> in its language to find out what it means.

I've been through this before, and a certain contributor to e-mail lists is 
still in my kill filter because of it. Some computing people, mostly American 
in my experience, insist that "disabled" means the same as "switched off". No 
amount of pointing out the error of this makes any difference. They merely 
shrug and cite custom and practice. It was never custom or practice in my 
patch of the forest.

Incidentally, there's another stupidity in an ancient CPU instruction set, I 
think 8080. If I move something from A to B it's no longer at A, but in the 
mov instruction it finishes up in both places.

Sometimes I wish the language were still extended only by scholars.

-- 
Rgds
Peter


Re: [gentoo-user] syslog-ng: how to read the log files

2015-05-09 Thread lee
Rich Freeman  writes:

> On Mon, May 4, 2015 at 2:14 AM, lee  wrote:
>> Marc Joliet  writes:
>>
>>> Personally, I'm probably going to uninstall syslog-ng, because journalctl is
>>> *such* a nice way to read logs, so why run something whose output I'll never
>>> read again?
>>
>> If you like it, nobody prevents you from using it.  It's good to have
>> many options.  Just don't force others to use it as well.
>>
>
> Who is forcing anybody to use anything?

Look around and you will find that systemd has taken over Linux, with a
few exceptions as in distributions like Gentoo.  The taking over will
probably continue until you cannot use Linux anymore without using
systemd.  If that's not forcing, then what is it?


-- 
Again we must be afraid of speaking of daemons for fear that daemons
might swallow us.  Finally, this fear has become reasonable.



Re: [gentoo-user] syslog-ng: how to read the log files

2015-05-09 Thread lee
Tom H  writes:

> On Mon, May 4, 2015 at 1:57 AM, lee  wrote:
>> Canek Peláez Valdés  writes:
>>> On Sun, Feb 22, 2015 at 6:41 PM, lee  wrote:

>>>> I can't even read them on a working system.
>>>
>>> If that's true (which I highly doubt, more probably you don't know how to
>>> read them), then it's a bug and should be reported and fixed.
>>
>> I read log files with less. The bug is that systemd uses some sort of
>> binary files, and they aren't going to fix it. They even won't fix
>> their misunderstanding of what "disabled" means. So why make bug
>> reports?
>
> The systemd developers' use of disable/mask isn't wrong simply because
> you disagree with them.

No, it's wrong because they don't know what "disabled" means.  Feel free
to look into dictionaries and to examine the use of the word "disabled"
in its language to find out what it means.


-- 
Again we must be afraid of speaking of daemons for fear that daemons
might swallow us.  Finally, this fear has become reasonable.



Re: [gentoo-user] Re: How to poweroff the system from user?

2015-05-09 Thread lee
Neil Bothwick  writes:

> On Wed, 15 Apr 2015 00:06:33 +0200, lee wrote:
>
>> >> > > How do you remember these keys?  
>> >> >
>> >> > BUSIER backwards, or bookmark
>> >> > http://en.wikipedia.org/wiki/Magic_SysRq_key in your phone's
>> >> > browser :)  
>> >>
>> >> Phone's browser?  
>> >
>> > If you need the SysRq trick, you probably can't use your computer's
>> > browser ;) .  
>> 
>> Then I won't have a browser I could use.
>
> Never mind, there's always Post-It notes - they aren't only for passwords.

That isn't better than printing the key bindings ...


-- 
Again we must be afraid of speaking of daemons for fear that daemons
might swallow us.  Finally, this fear has become reasonable.



Re: [gentoo-user] Hard drive storage questions

2015-05-09 Thread Todd Goodman
* Rich Freeman  [150509 09:00]:
[..SNIP..]
> One thing you can't cheaply do with Amazon is verify your backups.
> Duplicity will happily check the data files against the manifest
> hashes with a simple command, but it will cost you 10c/GB for whatever
> you verify, since it will need to be transferred out.  I guess another
> option is to launch an EC2 instance with duplicity on it and have it
> do the verify.  That would be an internal Amazon transfer which is
> both free and much faster, but it will cost you a few cents per hour
> for the CPU time.  I also don't know if duplicity can verify a backup
> without the encryption keys - if it can't then you'll have to upload
> your keys to EC2 which means Amazon could read your backups if they
> wanted to.  Otherwise duplicity is encrypting locally and all Amazon
> does is store a bunch of encrypted data and regurgitate it on demand.
> 
> --
> Rich

Thanks for the great post Rich.

As for keys, you could use Amazon's AWS Key Management Service.
Of course they could be sitting there gathering keys, but at some point
you either have to trust they'll do what they say or simply decide not
to use them at all (IMNHO.)

You could also use AWS Key Management for backup data you want
"reasonably" secured and then your own keys for data you want more
highly secured (hopefully much smaller so the verify costs are more
reasonable.)

Todd



Re: [gentoo-user] Hard drive storage questions

2015-05-09 Thread Rich Freeman
On Sat, May 9, 2015 at 6:56 AM, Dale  wrote:
>
> https://aws.amazon.com/s3/
>
> I'm trying to figure out just how much this would cost here.  o_O  Just
> for my pics tho.
>

It works out to 1-3 cents/GB/month, depending on storage tier.
Glacier is cheapest and very secure (or so they claim), but you will
pay more to retrieve the data if you need it.  If you aren't using
RAID then I probably wouldn't use glacier since it is very likely that
you'll be doing retrievals on occasion.  The most expensive figure
costs you 10c/GB to retrieve, and should be secure (again, their
claims).  The in-between figure is for reduced redundancy - it also
costs 10c/GB to retrieve, but is less secure.


I typically use the mid-cost reduced-redundancy option, since this is
intended solely as a backup.  If I were archiving data and not keeping
a copy locally I would not use reduced-redundancy.  As a backup, it is
already redundant - what are the odds of my house and the Amazon
datacenter having a disaster on the same day?  Otherwise, if their
datacenter burns down and the data disappears, then on the next day
duplicity will simply do another full backup and I'm protected again.

One thing you can't cheaply do with Amazon is verify your backups.
Duplicity will happily check the data files against the manifest
hashes with a simple command, but it will cost you 10c/GB for whatever
you verify, since it will need to be transferred out.  I guess another
option is to launch an EC2 instance with duplicity on it and have it
do the verify.  That would be an internal Amazon transfer which is
both free and much faster, but it will cost you a few cents per hour
for the CPU time.  I also don't know if duplicity can verify a backup
without the encryption keys - if it can't then you'll have to upload
your keys to EC2 which means Amazon could read your backups if they
wanted to.  Otherwise duplicity is encrypting locally and all Amazon
does is store a bunch of encrypted data and regurgitate it on demand.

--
Rich



Re: [gentoo-user] Changing the email address for bugzilla account

2015-05-09 Thread Andrew Savchenko
On Sat, 9 May 2015 07:06:25 -0300 José Romildo Malaquias wrote:
> Hello.
> 
> I have requested Gentoo's Bugzilla to change the email address for my
> account, because the current address does not exist anymore.
> 
> The site told me that "An email has been sent to both old and new email
> addresses to confirm the change of email address."
> 
> When confirming the change by following the link sent to the new email
> address, bugzilla tells me that "The token you submitted does not exist,
> has expired, or has been canceled." I believe that means it expects me
> to click the old email link before the new email link.

No, it doesn't. Well, at least as of November 2014 (when I
resubscribed from another e-mail) it did not.

> How to proceed now? Should I contact some admin to fix my account for
> me? If so, how can he/she be contacted?

Just make another request on Bugzilla.

Best regards,
Andrew Savchenko




Re: [gentoo-user] Hard drive storage questions

2015-05-09 Thread Dale

Neil Bothwick wrote:
> On Mon, 04 May 2015 05:40:25 -0500, Dale wrote:
>
>>> You only need to upload it once, so it doesn't really matter how long
>>> it takes. After that you do incremental backups. I use
>>> app-backup/duplicity which not only takes care of incremental backups
>>> and communicating with S3, but also encrypts everything with GPG. No
>>> one would know you were uploading goat porn :)
>
>> It may be only once but it would be a very large once plus I'm on my
>> puter a lot.
>
> You have to sleep some time, your computer doesn't :)

A lot of the time, I'm downloading a list of movies while I am
sleeping.  That's when I do most of my downloading.  I use download
helper.  Sometimes it can download for several hours.  There are times
when I nap and when I wake up, it is still downloading.  ;-)  I do the
same when I leave to go to town too.


>
>
>> Uploading slows my surfing to almost a dead stop.  Newegg
>> is a nightmare for me to surf on.  Slowest thing I ever seen. Newegg
>> isn't alone tho.
>
> As long as you restrict the upload speed to around 80-80% of your
> available upstream bandwidth, it shouldn't affect downloading
> significantly. It's when you saturate the upstream that your downloads
> are affected.
>
>

I don't know how to limit that.  Still, I have a really slow upload
speed.  While I wouldn't want to lose some of it, it also would be a lot
of trouble given the large volume of data.  I'd much prefer something
local and much faster.  Now for my camera pics, that could be an option.
Much less data and lots more important too.  I'm assuming this is what
you are talking about?

https://aws.amazon.com/s3/

I'm trying to figure out just how much this would cost here.  o_O  Just
for my pics tho.

Dale

:-)  :-)





[gentoo-user] Changing the email address for bugzilla account

2015-05-09 Thread José Romildo Malaquias
Hello.

I have requested Gentoo's Bugzilla to change the email address for my
account, because the current address does not exist anymore.

The site told me that "An email has been sent to both old and new email
addresses to confirm the change of email address."

When confirming the change by following the link sent to the new email
address, bugzilla tells me that "The token you submitted does not exist,
has expired, or has been canceled." I believe that means it expects me
to click the old email link before the new email link.

How to proceed now? Should I contact some admin to fix my account for
me? If so, how can he/she be contacted?

Regards,

Romildo